Beijing Yunfan Internet Technology Yunfan Learning Examination System Improper Authentication Vulnerability via JWT Token

A critical vulnerability has been identified in version 1.9.2 of the Yunfan Learning Examination System by Beijing Yunfan Internet Technology. The issue resides in the JWT Token Handler component, specifically within the SysUserControl file. The vulnerability allows for improper authentication, as the system's JWT tokens can be exploited universally across any server using this application. The flaw arises because the application does not properly validate JWT tokens during the login process. As a result, an attacker can replace the existing JWT with a crafted token that bypasses authentication and grants administrative privileges.

Impact

Exploitation of this vulnerability allows unauthorized users to gain administrative access to the application, potentially leading to further actions or changes within the system that could cause significant harm.

Reproduction

To reproduce this vulnerability, send a POST request to the '/exam/api/sys/user/paging' endpoint. Include a JWT token that has not been properly validated by the application. The request can be made without prior authentication, and the included JWT will be accepted, granting administrative rights.